CEH 10 - Denial of Service

What is Denial of Service? 

  • A Denial of Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
  • It temporarily or indefinitely interrupts or suspends the services of a host connected to the Internet.
  • This can be done by sending a huge number of requests to the server.
  • As a result of the DoS attack, the server cannot handle these requests.

What is Distributed Denial Of Service?

  • A Distributed Denial-of-Service (DDoS) attack occurs when multiple systems flood the targeted system with traffic.
  • This traffic makes the resources unavailable to their intended users.
  • Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the target system.

Botnet

  • A botnet is a collection of Internet-connected devices.
  • These devices are infected and controlled by a common type of malware.
  • The infected machines are controlled remotely.
  • Botnet infections are usually spread through malware, such as a trojan horse.
  • Botnet malware is typically designed to automatically scan systems and devices for common vulnerabilities that haven't been patched. 
  • Botnet malware may also scan for ineffective or outdated security products, such as firewalls or antivirus software. 
  • Common tasks executed by botnets are as follows:
  1. Using the machine's power to assist in distributed denial-of-service (DDoS) attacks.
  2. Generating spam emails. 
  3. Generating Internet traffic to a third-party website.
  4. Replacing banner ads in a web browser.

DoS Attacks via System and Application Level Vulnerabilities:

  • The operating system or the application software may have bugs that cause a denial-of-service condition.
  • Once an attacker finds such a vulnerability, he has to find working exploit code for it.
  • If the attacker finds the exploit code, he can use it to DoS the target.

Types of DoS Attacks:

1. TCP SYN Flood: 

  • TCP SYN flood is a type of Distributed Denial of Service (DDoS) attack.
  • It exploits part of the normal TCP three-way handshake to consume resources on the targeted server and render it unresponsive.
  • In a SYN flood DDoS, the attacker sends TCP connection requests faster than the targeted machine can process them.
  • This leaves the server's connection backlog full of half-open connections, so it cannot serve legitimate requests.
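To show why SYN-only traffic hurts, here is an added example (written for this page, not code from the original notes): a toy listen backlog of fixed size, replayed over a constructed set of TCP control segments, plus the detection rule a defender would apply to a packet capture, namely counting SYNs per source that never get their final ACK. All IP addresses, the backlog size and the threshold are made up for the demonstration.

```python
from collections import Counter

# Constructed sample of TCP control segments as (src_ip, flag) pairs.
# "S" = client SYN, "A" = the client's final ACK that completes the handshake.
SAMPLE_SEGMENTS = (
    [("10.0.0.5", "S"), ("10.0.0.5", "A")] * 3    # legitimate client, 3 full handshakes
    + [("203.0.113.9", "S")] * 8                    # SYN-only source that never completes
    + [("10.0.0.6", "S"), ("10.0.0.6", "A")]        # another legitimate client, arriving late
)


class ListenBacklog:
    """Fixed-size queue of half-open (SYN_RECV) connections, modelled on a TCP listen backlog."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.pending = Counter()   # src_ip -> half-open entries currently held
        self.dropped = 0           # SYNs refused because the backlog was full
        self.established = 0

    def total_pending(self):
        return sum(self.pending.values())

    def handle(self, src, flag):
        if flag == "S":
            if self.total_pending() >= self.capacity:
                self.dropped += 1      # a full backlog drops new SYNs, whoever sends them
                return False
            self.pending[src] += 1
            return True
        if flag == "A" and self.pending[src] > 0:
            self.pending[src] -= 1     # handshake completed: entry leaves the backlog
            self.established += 1
            return True
        return False


def replay(segments, capacity):
    """Feed segments through a backlog of the given capacity and return the counters."""
    backlog = ListenBacklog(capacity)
    for src, flag in segments:
        backlog.handle(src, flag)
    return {"established": backlog.established,
            "dropped": backlog.dropped,
            "pending": dict(backlog.pending)}


def half_open_by_source(segments):
    """Outstanding SYNs per source: SYNs seen minus ACKs seen (never below zero)."""
    syns, acks = Counter(), Counter()
    for src, flag in segments:
        (syns if flag == "S" else acks)[src] += 1
    return {src: max(0, syns[src] - acks[src]) for src in syns}


def syn_flood_suspects(segments, threshold):
    """Sources holding more than `threshold` half-open connections in the capture."""
    return sorted(src for src, n in half_open_by_source(segments).items() if n > threshold)


if __name__ == "__main__":
    print(replay(SAMPLE_SEGMENTS, capacity=5))
    print(syn_flood_suspects(SAMPLE_SEGMENTS, threshold=3))
```

With a backlog of 5, the 8 SYNs from the single SYN-only source fill it and the later legitimate client's SYN is dropped even though that client would have completed its handshake. The `half_open_by_source` count is the same signal an IDS rule for SYN floods keys on; real deployments pair it with SYN cookies or a shorter SYN_RECV timeout so half-open entries do not occupy the backlog indefinitely.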

2. UDP Flood: 

  • UDP flood is a type of Denial of Service (DoS) attack.
  • Here the attacker sends requests to random ports on the targeted host using IP packets containing UDP datagrams.
  • The receiving host checks for an application listening on each port, and if none is associated with the request, it sends back a "Destination Unreachable" packet.
  • More and more UDP packets are received, each of which needs to be answered.
  • The system overloads and is unable to serve legitimate requests.
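The cost of a UDP flood comes from the ICMP "Destination Unreachable" reply the host generates per closed port, so the standard host-side defence is to rate-limit those replies (Linux exposes this as the `net.ipv4.icmp_ratelimit` sysctl). The following added example, written for this page and not taken from the original notes, models that limiter as a token bucket, runs a constructed stream of datagrams through it, and shows the detection signal a defender looks for: one source touching many distinct closed ports. The port set, addresses, rate and burst values are all made up for the demonstration.

```python
from collections import defaultdict

# Constructed: UDP ports that actually have a listener on the host
OPEN_PORTS = {53, 123}

# Constructed sample of inbound UDP datagrams as (timestamp_ms, src_ip, dst_port)
SAMPLE_DATAGRAMS = [(0, "198.51.100.7", 53), (100, "198.51.100.7", 123)] + [
    (200 + i * 10, "203.0.113.4", 10000 + i) for i in range(50)   # 50 closed ports in half a second
]


class IcmpErrorLimiter:
    """Token bucket for ICMP error replies, kept in integer millitokens to avoid float drift.
    rate = replies allowed per second on average, burst = replies allowed back-to-back."""

    def __init__(self, rate, burst):
        self.rate = rate                 # tokens per second == millitokens per millisecond
        self.capacity = burst * 1000
        self.millitokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is not None:
            refill = (now_ms - self.last_ms) * self.rate
            self.millitokens = min(self.capacity, self.millitokens + refill)
        self.last_ms = now_ms
        if self.millitokens >= 1000:     # one whole token pays for one ICMP reply
            self.millitokens -= 1000
            return True
        return False


def process_udp(datagrams, open_ports, limiter):
    """Deliver datagrams to open ports; for closed ports send ICMP Port Unreachable only if the limiter permits."""
    stats = {"delivered": 0, "icmp_sent": 0, "icmp_suppressed": 0}
    for ts, _src, port in datagrams:
        if port in open_ports:
            stats["delivered"] += 1
        elif limiter.allow(ts):
            stats["icmp_sent"] += 1
        else:
            stats["icmp_suppressed"] += 1
    return stats


def closed_port_scanners(datagrams, open_ports, min_ports):
    """Sources that hit at least `min_ports` distinct closed UDP ports: the signature of a UDP flood."""
    ports_by_src = defaultdict(set)
    for _ts, src, port in datagrams:
        if port not in open_ports:
            ports_by_src[src].add(port)
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    print(process_udp(SAMPLE_DATAGRAMS, OPEN_PORTS, IcmpErrorLimiter(rate=10, burst=5)))
    print(closed_port_scanners(SAMPLE_DATAGRAMS, OPEN_PORTS, min_ports=20))
```

Of the 50 closed-port datagrams only the first burst of 5 and then one per 100 ms get an ICMP reply; the other 41 are silently dropped, so the flood costs the host a table lookup per packet instead of a reply per packet. Legitimate traffic to open ports is never touched by the limiter.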

3. HTTP Flood: 

  • HTTP flood is a type of Distributed Denial of Service (DDoS) attack.
  • The attacker sends seemingly legitimate HTTP GET or POST requests to a target web server or application. 
  • A GET request is used to retrieve content, while POST requests are used to submit data that produces dynamically generated content.
  • HTTP flood attacks using POST requests tend to consume the most server resources per request.
  • POST requests may include parameters that trigger complex server-side processing. 
  • On the other hand, HTTP GET based attacks are simple to perform.
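Because HTTP flood requests look legitimate one at a time, detection works on rate and on cost per client rather than on any single request. The added example below, written for this page and not part of the original notes, parses web-server access log lines in the common combined format, weights POST requests more heavily than GET (the weights are a constructed assumption standing in for the "complex server-side processing" described above), and reports the peak weighted load any client produced inside a sliding window. The log lines, addresses and thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined/common log format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed cost weights: a POST to a search endpoint does far more work than a static GET
METHOD_COST = {"GET": 1, "POST": 5}


def build_sample_log():
    """Constructed access log: one quiet client and one client POSTing /search three times a second."""
    lines = [
        '10.0.0.8 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
        '10.0.0.8 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 734',
    ]
    for i in range(30):
        sec = 36 + i // 3
        lines.append(f'203.0.113.20 - - [10/Oct/2023:13:55:{sec:02d} +0000] '
                     f'"POST /search HTTP/1.1" 200 2048')
    return lines


def parse_access_log(lines):
    """Return (epoch_seconds, ip, method, path) tuples in time order, skipping unparsable lines."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        entries.append((ts, m["ip"], m["method"], m["path"]))
    return sorted(entries)


def peak_window_cost(entries, window_seconds):
    """Highest weighted request cost each client accumulated within any sliding window."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, cost) inside the current window
    peak = defaultdict(int)
    for ts, ip, method, _path in entries:
        q = recent[ip]
        q.append((ts, METHOD_COST.get(method, 1)))
        while ts - q[0][0] > window_seconds:   # expire requests older than the window
            q.popleft()
        peak[ip] = max(peak[ip], sum(cost for _t, cost in q))
    return dict(peak)


def http_flood_suspects(entries, window_seconds, max_cost):
    """Clients whose peak windowed cost exceeds the budget a single client is allowed."""
    costs = peak_window_cost(entries, window_seconds)
    return sorted(ip for ip, cost in costs.items() if cost > max_cost)


if __name__ == "__main__":
    entries = parse_access_log(build_sample_log())
    print(peak_window_cost(entries, window_seconds=10))
    print(http_flood_suspects(entries, window_seconds=10, max_cost=50))
```

The quiet client peaks at a cost of 2 while the POST client reaches 150 inside a 10-second window, which is the kind of figure a rate limiter or a CAPTCHA challenge would be triggered on. Weighting by method (or by endpoint) matters because, as the notes say, a POST flood can exhaust a server with far fewer requests than a GET flood.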

4. Ping of Death: 

  • The attacker sends oversized ping packets to the target.
  • The target cannot handle these packets, which causes a DoS condition on the target device.
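An oversized ping only arrives as IP fragments, because the IPv4 Total Length field is 16 bits and no single packet can exceed 65535 bytes; the damage happens when the receiver reassembles fragments whose offsets add up to more than that. The added example below (written for this page, not code from the original notes) is a small fragment reassembler that applies the defensive check a modern IP stack performs: reject any fragment whose offset plus payload length would push the reassembled datagram past the maximum. The fragments are constructed; the 20-byte header assumption is the minimal IPv4 header without options.

```python
from dataclasses import dataclass

IPV4_MAX_TOTAL_LENGTH = 65535                          # 16-bit Total Length field
IPV4_HEADER_LEN = 20                                   # assumption: minimal header, no options
MAX_PAYLOAD = IPV4_MAX_TOTAL_LENGTH - IPV4_HEADER_LEN  # 65515 bytes of reassembled payload


@dataclass
class Fragment:
    ident: int          # IP Identification field shared by all fragments of one datagram
    offset_units: int   # Fragment Offset field, in 8-byte units
    more: bool          # MF (More Fragments) flag
    payload: bytes


class Reassembler:
    """Reassembles fragments per Identification value, refusing oversized datagrams up front."""

    def __init__(self):
        self.buffers = {}    # ident -> {"parts": {start_byte: payload}, "total": length or None}
        self.rejected = []   # (ident, claimed_end_byte) for fragments that failed the size check

    def add(self, frag):
        start = frag.offset_units * 8
        end = start + len(frag.payload)
        if end > MAX_PAYLOAD:
            # This fragment claims bytes beyond what any IPv4 datagram can hold:
            # drop it and everything already queued for that datagram.
            self.rejected.append((frag.ident, end))
            self.buffers.pop(frag.ident, None)
            return None
        buf = self.buffers.setdefault(frag.ident, {"parts": {}, "total": None})
        buf["parts"][start] = frag.payload
        if not frag.more:
            buf["total"] = end           # the last fragment tells us the full payload length
        return self._try_complete(frag.ident)

    def _try_complete(self, ident):
        buf = self.buffers[ident]
        if buf["total"] is None:
            return None                  # last fragment not seen yet
        data = bytearray()
        for start in sorted(buf["parts"]):
            if start != len(data):
                return None              # gap: a middle fragment is still missing
            data += buf["parts"][start]
        if len(data) != buf["total"]:
            return None
        del self.buffers[ident]
        return bytes(data)


def reassemble_all(fragments):
    """Run fragments through a Reassembler; return completed datagrams and the rejection list."""
    r = Reassembler()
    completed = {}
    for frag in fragments:
        data = r.add(frag)
        if data is not None:
            completed[frag.ident] = data
    return completed, r.rejected


# Constructed fragments: a normal 1500-byte ping split at a 1500-byte MTU, then a malformed
# datagram whose final fragment sits at offset 65520 and carries 20 bytes (end = 65540).
SAMPLE_FRAGMENTS = [
    Fragment(1, 0, True, b"A" * 1480),
    Fragment(1, 185, False, b"B" * 20),
    Fragment(2, 0, True, b"C" * 8),
    Fragment(2, 8190, False, b"D" * 20),
]

if __name__ == "__main__":
    done, bad = reassemble_all(SAMPLE_FRAGMENTS)
    print({k: len(v) for k, v in done.items()}, bad)
```

The legitimate datagram reassembles to exactly 1500 bytes, while the oversized one is rejected at the fragment that would overflow, before any buffer is sized from the bogus length. That early length check is the fix that made the classic ping of death ineffective against patched stacks.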

5. MAC Flooding: 

  • The network switch maintains a table called CAM (Content Addressable Memory) to prevent MITM attacks.
  • The CAM table holds a limited number of entries.
  • So an attacker tries to overload this CAM table with more MAC addresses than it can handle.
  • The switch may then stop responding to legitimate requests.
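A CAM table maps each learned source MAC address to the port it was seen on, and when it is full the switch evicts older entries and must flood frames for destinations it no longer knows. The added example below, written for this page and not code from the original notes, simulates a small CAM table under a burst of bogus source addresses from one port, and then applies the usual countermeasure, a per-port cap on learned MACs (what switch vendors call port security). Capacity, MAC addresses and the frame sequence are constructed for the demonstration.

```python
from collections import Counter, OrderedDict, defaultdict

HOST_A, HOST_B = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02"
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed frames as (src_mac, dst_mac, ingress_port): two real hosts on ports 1 and 2,
# 100 bogus source addresses from port 3, then real unicast traffic from A to B.
SAMPLE_FRAMES = (
    [(HOST_A, BROADCAST, 1), (HOST_B, HOST_A, 2)]
    + [(f"02:00:00:00:{i // 256:02x}:{i % 256:02x}", BROADCAST, 3) for i in range(100)]
    + [(HOST_A, HOST_B, 1)]
)


class CamTable:
    """MAC -> port learning table with a fixed number of entries; evicts least recently seen."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.evictions = 0

    def learn(self, mac, port):
        if mac in self.entries:
            self.entries.move_to_end(mac)
        elif len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)   # table full: an older (possibly real) host is forgotten
            self.evictions += 1
        self.entries[mac] = port

    def lookup(self, dst_mac):
        """Egress port for a known destination, or None meaning the frame is flooded out every port."""
        return self.entries.get(dst_mac)


class PortSecurity:
    """Cap on distinct source MACs per port; frames beyond the cap are dropped and not learned."""

    def __init__(self, max_macs_per_port):
        self.max = max_macs_per_port
        self.seen = defaultdict(set)
        self.violations = Counter()

    def permit(self, mac, port):
        macs = self.seen[port]
        if mac in macs or len(macs) < self.max:
            macs.add(mac)
            return True
        self.violations[port] += 1
        return False


def simulate(frames, capacity, max_macs_per_port=None):
    """Forward frames through a CAM table; count unicast frames that had to be flooded."""
    cam = CamTable(capacity)
    guard = PortSecurity(max_macs_per_port) if max_macs_per_port else None
    flooded = 0
    for src, dst, port in frames:
        if guard and not guard.permit(src, port):
            continue                               # violation: frame dropped, nothing learned
        cam.learn(src, port)
        if dst != BROADCAST and cam.lookup(dst) is None:
            flooded += 1                           # unicast to a forgotten host goes to every port
    return {"flooded": flooded, "evictions": cam.evictions,
            "violations": sum(guard.violations.values()) if guard else 0}


if __name__ == "__main__":
    print(simulate(SAMPLE_FRAMES, capacity=8))
    print(simulate(SAMPLE_FRAMES, capacity=8, max_macs_per_port=2))
```

Without port security the 100 bogus addresses evict both real hosts, so the later A-to-B frame is flooded out every port, including the one the bogus traffic came from; that flooding is what makes MAC flooding a precursor to sniffing and why the notes list the CAM table under MITM prevention. With a cap of two MACs per port, 98 frames are dropped as violations, the table never fills, and the A-to-B frame is delivered only to port 2.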

Mitigation: 

  • DoS detection techniques are based on identifying illegitimate traffic and separating it from legitimate packet traffic.
  • Use an IDS or IPS.
  • Set up systems with limited security (honeypots) to attract an attacker.
  • FortGuard Anti-DDoS Firewall provides a fundamentally superior approach to mitigating DDoS attacks, with a design that focuses on passing legitimate traffic rather than discarding attack traffic.
  • Use a CAPTCHA service.

Be Aware, Be Secure.

Thank You 🙏
